CVE-2024-7808

HIGH

fabian job_portal 1.0 - SQL Injection via logindbc.php Email Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-7808. PoCs published by TheUnknownSoul.

AI-analyzed exploit summary: This PoC exploits CVE-2024-7808, an RCE vulnerability in open-webui via CSRF, allowing non-admin users to upload and execute a reverse shell payload. The script automates the setup of a web server and netcat listener, then uploads a malicious file to trigger the exploit.

Description

A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file logindbc.php. The manipulation of the argument email leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

nomisec WORKING POC 2 stars
by TheUnknownSoul · poc
https://github.com/TheUnknownSoul/CVE-2024-7808


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: open-webui (version not specified)
No auth needed
Prerequisites: Target URL with vulnerable open-webui instance · Network access to the target · Python 3 and dependencies (requests, subprocess) · Netcat for reverse shell listener
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
VDB Entry (vdb-entry, technical-description): https://vuldb.com/?id.274704
Permissions Required, VDB Entry (signature, permissions-required): https://vuldb.com/?ctiid.274704
Third Party Advisory, VDB Entry (third-party-advisory): https://vuldb.com/?submit.390329
Exploit, Issue Tracking (exploit, issue-tracking): https://github.com/XYgit-99/cve/issues/1

Scores

CVSS v3 7.3
EPSS 0.0123
EPSS Percentile 65.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE CWE-89
Status published
Products (1)
fabian/job_portal 1.0
Published Aug 15, 2024
Tracked Since Feb 18, 2026